Re: Q: check_unsafe_exec() races (Was: [PATCH 2/4] fix setuid sometimes doesn't)

From: Al Viro
Date: Mon Mar 30 2009 - 08:32:27 EST


On Mon, Mar 30, 2009 at 03:40:40AM +0200, Oleg Nesterov wrote:

> > We can't proceed. If that another exec() fails, it will clear "under exec" at
> > the end of do_execve(), before we kill other threads.
>
> Or we need a counter to mark/unmark.

Nah, easier to have check_unsafe_exec() return -EAGAIN in cases we care
about.

Anyway, completely untested patchset is in
git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6.git/ execve-mess
(the last 9 changesets of it).

WARNING: that's *NOT* for merge at the moment; this is not a pull request.

Review (and testing) would be welcome.

Shortlog of execve-related part:
Al Viro (6):
      Take fs_struct handling to new file (fs/fs_struct.c), sanitize chroot_fs_refs()
      New helper - current_umask()
      Get rid of indirect include of fs_struct.h
      Kill unsharing fs_struct in __set_personality()
      New locking/refcounting for fs_struct
      check_unsafe_exec() doesn't care about signal handlers sharing

Hugh Dickins (3):
      Don't bump fs_struct refcount for procfs accesses
      compat_do_execve should unshare_files
      fix setuid sometimes doesn't - files_struct

Diffstat (again, of execve-related stuff)
arch/cris/kernel/process.c | 1 -
arch/powerpc/platforms/cell/spufs/inode.c | 2 +-
fs/Makefile | 2 +-
fs/btrfs/acl.c | 2 +-
fs/btrfs/ioctl.c | 2 +-
fs/cifs/dir.c | 4 +-
fs/cifs/inode.c | 4 +-
fs/compat.c | 28 ++++-
fs/dcache.c | 1 +
fs/exec.c | 39 +++++--
fs/ext2/acl.c | 2 +-
fs/ext3/acl.c | 2 +-
fs/ext4/acl.c | 2 +-
fs/fat/inode.c | 2 +-
fs/fs_struct.c | 173 +++++++++++++++++++++++++++++
fs/generic_acl.c | 2 +-
fs/gfs2/acl.c | 2 +-
fs/hfsplus/options.c | 2 +-
fs/hpfs/super.c | 2 +-
fs/internal.h | 8 +-
fs/jffs2/acl.c | 2 +-
fs/jfs/acl.c | 2 +-
fs/namei.c | 14 +--
fs/namespace.c | 61 +----------
fs/nfs/nfs3proc.c | 6 +-
fs/nfs/nfs4proc.c | 2 +-
fs/nfsd/nfssvc.c | 7 +-
fs/ocfs2/acl.c | 2 +-
fs/omfs/inode.c | 2 +-
fs/open.c | 1 +
fs/proc/base.c | 53 +++------
fs/proc/task_nommu.c | 3 +-
fs/reiserfs/xattr_acl.c | 2 +-
fs/xfs/linux-2.6/xfs_iops.c | 4 +-
include/linux/fs.h | 2 +
include/linux/fs_struct.h | 7 +-
include/linux/mnt_namespace.h | 2 +
include/linux/nsproxy.h | 1 +
include/linux/sched.h | 3 +-
init/do_mounts.c | 1 +
ipc/mqueue.c | 2 +-
kernel/auditsc.c | 1 +
kernel/exec_domain.c | 22 ----
kernel/exit.c | 32 +-----
kernel/fork.c | 63 +++++------
kernel/sys.c | 1 +
net/unix/af_unix.c | 2 +-
security/tomoyo/realpath.c | 1 +
48 files changed, 337 insertions(+), 246 deletions(-)
create mode 100644 fs/fs_struct.c
